Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Arch Linux 安全漏洞
Vulnerability Description
Arch Linux是Arch开源的一个应用系统。一个轻量级且灵活的Linux®发行版,试图使它保持简单。 Arch Linux中存在安全漏洞,该漏洞源于处理TELNET请求并解析NEW_ENV时使用了未初始化的变量,远程攻击者可以利用该漏最多读取1800字节的影响控制TELNET服务器。 受影响的产品及版本包括:Arch Linux:所有版本
CVSS Information
N/A
Vulnerability Type
N/A